44 |
44 |
45 hassni = getattr(ssl, 'HAS_SNI', False) |
45 hassni = getattr(ssl, 'HAS_SNI', False) |
46 |
46 |
47 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled |
47 # TLS 1.1 and 1.2 may not be supported if the OpenSSL Python is compiled |
48 # against doesn't support them. |
48 # against doesn't support them. |
|
49 # FIXME: Since CPython commit 6e8cda91d92da72800d891b2fc2073ecbc134d98 |
|
50 # individual TLS versions can be turned on and off, and the |
|
51 # ssl.PROTOCOL_TLSv1_* constants are always defined. |
|
52 # This means that, on unusual configurations, the following dict may contain |
|
53 # too many entries. A proper fix would be to check ssl.HAS_TLSv* where |
|
54 # available (Python 3.7+). Before that, this module should be proofed against |
|
55 # all possible combinations. |
49 supportedprotocols = {b'tls1.0'} |
56 supportedprotocols = {b'tls1.0'} |
50 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'): |
57 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_1'): |
51 supportedprotocols.add(b'tls1.1') |
58 supportedprotocols.add(b'tls1.1') |
52 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_2'): |
59 if util.safehasattr(ssl, b'PROTOCOL_TLSv1_2'): |
53 supportedprotocols.add(b'tls1.2') |
60 supportedprotocols.add(b'tls1.2') |